634 Commits

Author SHA1 Message Date
AlanCoding
6d4469ebbd handle inventory for WFJT editing RBAC 2018-11-19 12:51:29 -05:00
AlanCoding
0c52d17951 fix bug, handle RBAC, add test 2018-11-19 12:51:13 -05:00
Matthew Jones
61916b86b5 Fix a bug that did not allow project_admins to create a project.
This was a regression from previous functionality
2018-11-19 11:05:48 -05:00
AlanCoding
6ae1e156c8 do not block superusers with MANAGE_ORGANIZATION_AUTH setting 2018-11-02 14:13:05 -04:00
AlanCoding
f9bdb1da15 Job splitting access logic and more feature development
*allow sharding with prompts and schedules
*modify create_unified_job contract to pass class & parent_field name
*make parent field name instance method & set sharded UJT field
*access methods made compatible with job sharding
*move shard job special logic from task manager to workflows
*save sharded job prompts to workflow job exclusively
*allow using sharded jobs in workflows
2018-10-31 11:04:10 -04:00
Ryan Petrello
34ceaf4551 fix a subtle bug in awx.main.access.OAuth2ApplicationAccess.can_read
see: https://github.com/ansible/tower/issues/2952
2018-08-30 14:21:03 -04:00
Ryan Petrello
ec735b7b47 check oauth_scopes in _every_ view
see: https://github.com/ansible/tower/issues/2759
2018-08-06 11:05:59 -04:00
Ryan Petrello
0aaa3807a9 allow access to JT labels if you have read access to the JT
see: https://github.com/ansible/tower/issues/2180
2018-07-31 15:13:24 -04:00
Yunfan Zhang
cb6d7dfe69 Fix credential leak when copying Job Templates.
Signed-off-by: Yunfan Zhang <yz322@duke.edu>
2018-07-25 11:51:17 -04:00
AlanCoding
46c8920020 restore project_admin as role for project creation 2018-07-11 15:36:48 -04:00
AlanCoding
ec643d6406 fix regression of callback relaunch 2018-07-10 08:45:23 -04:00
Alan Rominger
a90329f21b Merge pull request #2385 from AlanCoding/team_org_object_roles
Allow adding teams to org object roles
2018-07-09 15:34:45 -04:00
Yunfan Zhang
307e5204fa Merge pull request #2447 from YunfanZhang42/fix_credential_leak
Forbid users from using unauthorized credentials in projects and inventories.
2018-07-09 15:06:39 -04:00
Yunfan Zhang
270102c188 Forbid users from using unauthorized credentials in projects and inventories.
Signed-off-by: Yunfan Zhang <yz322@duke.edu>
2018-07-09 15:04:53 -04:00
AlanCoding
e044b996e5 allow adding teams to org object roles 2018-07-09 14:13:57 -04:00
Guoqiang Zhang
5a4451ddd4 Fix serializers of unified_jobs & ad_hoc_commands to avoid special exceptions 2018-07-02 11:53:33 -04:00
Alan Rominger
a8c31a51e9 Merge pull request #2004 from AlanCoding/checkin_access
Allow managing credentials with external user management
2018-06-12 07:47:16 -04:00
Alan Rominger
951142d510 Merge pull request #1950 from AlanCoding/more_roles
Cover testing of new 3.3 org roles for user security fix
2018-06-12 07:45:36 -04:00
AlanCoding
b0b7f7a295 prohibit relaunching workflow jobs from other users 2018-06-07 13:01:15 -04:00
AlanCoding
74c6c350a1 show org-admins all teams if ALL USERS setting enabled 2018-06-05 07:55:13 -04:00
AlanCoding
253606c8bf allow managing credentials with external user management 2018-05-31 08:40:32 -04:00
Alan Rominger
232ad2a06c Merge pull request #1912 from AlanCoding/other_user_relaunch
Disallow launching jobs with other user's prompts
2018-05-29 11:51:13 -04:00
AlanCoding
e64e25fcc1 flake8 errors in access.py due to an upgrade 2018-05-25 11:28:38 -04:00
AlanCoding
e04a07f56c cover testing of new 3.3 org roles for user security fix 2018-05-24 13:56:38 -04:00
AlanCoding
c3368bc4ff disallow launching with other users prompts 2018-05-22 15:47:36 -04:00
AlanCoding
db6cc7c50b Add exception to allow relaunching callback jobs
allows for execute_role level users to directly
relaunch callback-type jobs, even though limit
has changed from JT, it is a down-selection
2018-05-17 14:41:56 -04:00
Ryan Petrello
357a735e56 fix a bug that prevented JT admins from editing diff mode
see: https://github.com/ansible/tower/issues/801
2018-05-14 16:01:36 -04:00
Ryan Petrello
5b55e3cb2b fix a bug that prevented JT admins from editing custom virtualenvs
see: https://github.com/ansible/tower/issues/1754
2018-05-14 14:12:22 -04:00
AlanCoding
ec1e94376c correctly check credential permission on WFJT copy 2018-05-03 07:42:59 -04:00
Alan Rominger
b62dfa3e49 Merge pull request #1658 from AlanCoding/check_wfjt_creds
Check WFJT credentials fix
2018-05-02 13:52:30 -04:00
AlanCoding
902b1af417 fix access check for wfjt node copy 2018-05-02 13:24:57 -04:00
AlanCoding
652f837622 update access check to plural creds 2018-05-02 11:37:38 -04:00
Chris Meyers
a2901a47ee Merge pull request #1410 from chrismeyersfsu/fix-revert_tower_special_group
send all tower work to a user-hidden queue
2018-04-20 14:21:50 -04:00
chris meyers
a56771c8f0 send all tower work to a user-hidden queue
* Before, we had a special group, tower, that ran any async work that
tower needed done. This allowed users fine-grained control over which
nodes did background work. However, this granularity was too complicated
for users. So now, all tower system work goes to a special non-user
exposed celery queue. Tower remains the fallback instance group to
execute jobs on. The tower group will be created upon install and
protected from deletion.
2018-04-20 13:04:36 -04:00
AlanCoding
6cb237d5d9 fix event querysets for non superusers 2018-04-20 11:44:52 -04:00
Christian Adams
d08790a5b4 Merge pull request #1420 from rooftopcellist/act_stream_access
Act stream access
2018-04-19 11:51:33 -04:00
adamscmRH
b6fcfd43b1 Fix app activity stream permissions 2018-04-19 11:19:19 -04:00
AlanCoding
13c483e463 avoid server error adding job 2018-04-18 08:27:08 -04:00
AlanCoding
4995ee7a60 remove admin_role for users 2018-04-12 13:18:49 -04:00
AlanCoding
12979260bb include new org roles in permissions fix 2018-04-06 12:03:43 -04:00
AlanCoding
a344ceda0e User editing permission changes
Only allow administrative action for a user
who is a system admin or auditor if the
requesting-user is a system admin.

Previously a user could be edited if the
requesting-user was an admin of ANY of the
orgs the user was member of.
This is changed to require admin permission
to ALL orgs the user is member of.

As a special-case, allow org admins to add
a user as a member to their organization if
the following conditions are met:
- the user is not member of any other orgs
- the org admin has permissions to all of
  the roles the user has
2018-04-06 09:51:08 -04:00
Alan Rominger
ab277e816a Merge pull request #1242 from AlanCoding/copy_scripts
Remove shortcut for custom scripts copy
2018-04-05 08:45:15 -04:00
AlanCoding
133cca1446 fix WFJT user_capabilities special-case 2018-04-05 08:04:18 -04:00
AlanCoding
6e1e7d8426 remove shortcut for custom scripts copy 2018-04-04 14:35:28 -04:00
Christian Adams
2b7ad578d5 Merge pull request #1121 from rooftopcellist/organization_based_permission
Organization based permission
2018-04-04 10:39:40 -04:00
adamscmRH
53139b109e clean up application logic 2018-04-04 10:22:49 -04:00
AlanCoding
8a7f00bdf7 fix bug where role name was given incorrectly 2018-04-03 13:39:16 -04:00
adamscmRH
9ef1fce5e1 add tests & correct auditor permissions 2018-04-03 11:03:50 -04:00
adamscmRH
e9a128138a add org-app endpoint & permissions 2018-04-03 08:58:53 -04:00
adamscmRH
a7625b8747 add organization to app model 2018-04-03 08:58:53 -04:00